Educational technology startup WhiteHat Jr said on Wednesday that it had earlier this month discovered “vulnerabilities” in its servers that had led to user data, including Personally Identifiable Information (PII), being exposed.
The vulnerability in its backend server, which allowed access to a variety of personal data of 280,000 users to outsiders, was flagged by an independent security researcher. ET could not independently verify when the security researcher first informed WhiteHat Jr about the issue.
According to a report on Tuesday by The Quint, by November 20, WhiteHat Jr, had taken note and resolved it. WhiteHat Jr hosts its servers on cloud computing platform Amazon Web Services (AWS).
The exposed data at the online coding platform for school kids included student names, age, gender, images, user IDs, and progress reports, etc. Most of this data is considered PII and categorised as sensitive personal data by the Personal Data Protection Bill that was tabled in Parliament last year.
Besides the PII of minors, the researcher also informed WhiteHat Jr that information about its teachers, parents, salary documents, internal company documents, and recorded videos of classes being conducted, was also accessible.
The researcher reportedly got a response within a day after emailing its Chief Technology Officer Pranab Dash on November 19 and 20.